massive data theft at MasterCard processor

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Jun 21 09:12:50 EDT 2005


Peter Fairbrother <zenadsl6186 at zen.co.uk> writes:
>Steven M. Bellovin wrote:
>> Designing a system that deflects this sort of attack is challenging.
>> The right answer is smart cards that can digitally sign transactions
>
>No, it isn't! A handwritten signature is far better, it gives post-facto
>evidence about who authorised the transaction - it is hard to fake a
>signature so well that later analysis can't detect the forgery, and few
>people would bother to do it that well anyway, while it is easy enough to
>enter a PIN with "digital reproducibility".

Not only that, you can mess up the transaction without even wanting to do it
fraudulently.  With PIN-based authentication (at least every one I've ever
seen), you insert your card, enter your PIN to authorise the transaction, and
then it prints your receipt.  As you point out, there's no link between the
paper trail and the authorisation, and by the time you get to see the paper
trail it's too late to do anything about it.  Running a two-phase commit to
fix this is unworkable (it'd double the number of transactions and require
holding state at the acquirer gateway), and even then it doesn't tie the
authorisation to the paper trail.

Consider a recent example, in which a hotel inadvertently charged me twice for
one stay.  The first time they ran the transaction on the handheld card
terminal the built-in printer ran out of paper, so they reversed the charge
and charged me a second time with a new roll of paper in the printer.  Since I
didn't trust them to get this right, I asked for both printouts, wrote "VOID"
on the first one, and signed the second one.  As it turned out, they didn't
get it right, and I have a pretty clear paper trail to prove that the first
transaction wasn't authorised.  If I'd done this with a PIN, both would have
been authorised, because I can only take the merchant's word for it that
they've cleared up the first transaction for me - the client has to go to some
lengths to prove their credentials, but the merchant only has to claim that
they've sorted it out. In fact I don't think there's any way for them to prove
to a client that they've reversed a transaction short of phoning their bank
and getting them to fax out a statement.

So I'll stick with printouts and signatures for the foreseeable future.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
